Social Skills For Information Security Professionals: The Preface To My Book

On my motives for this book

How and why – I believe – can my story make your life easier

It’s been roughly 11 years since I started working commercially in IT, out of which 7 were profoundly dedicated to InfoSec, a field in which I truly believe there is a lot yet to be done and that each individual can make a difference by their contributions. Similarly to the careers of so many of us, I’ve made plenty of mistakes that put my career at risk, significantly slowed down my growth, significantly lowered my income, and negatively impacted my health and personal life. Although making mistakes should be an expected part of any worthwhile career, I had certainly not expected that along the way I’d taste so many different flavors of life. I’ve had my ups and downs, but I always tried to ensure that whoever was involved came out with something beneficial to them. Despite having good intentions in my heart, I was not always successful in demonstrating that well. To me, everything I’ve been doing was always about bringing value to others and being the most productive person in the room, long before I realized that I had been doing it all wrong and my hunger for success was my biggest obstacle. But as the saying goes, “obstacle is the way”, which is why I’m grateful for all of it, and I really want to share my experiences with others, so they can save themselves some trouble and get smarter faster than I did. I wish I’d had a resource that would guide me through at least the basics of human interactions and effectiveness in the business world. So here it comes. A book that I wish someone else gave me 11 years ago.

I want to be really upfront and transparent with you. Although the companies I’ve worked for were very satisfied with the outcome of my work, to me it came at the cost of my professional and personal relationships. Without any doubt, I can say that because of my stubbornness and improperly directed hunger, I’ve wasted a ton of my potential as well as burnt some potential in others. And that feeling sucks. Realizing that while chasing greatness I’ve had a negative impact on the quality of life of a few people around me, as well as looking at my own life and noticing how much health and energy I wasted – it just sucks. But it sucks in a different way than most things in life suck. It’s not about discomfort this time, but about actual pain, because while I got compensated quite fine for my around-the-clock grind, I’ve forgotten about the most important currency we have access to in our lives – time and health. If you’ve got good health and you’ve got time, you have all the resources necessary to make something great happen. Assuming, obviously, that you’re resourceful and can actually understand the value of these powerful two. That’s what I want to be the leading point of this book, i.e. how to achieve your goals quickly, yet without compromising the quality of your life and others’ lives. I respect your time, which is why I wanted to keep this book as concise as possible, cutting out the fluff each time I’ve noticed any. If this book takes you 2 hours to read, and it saves you as little as 1 day of your life – I’m all set. My mission is accomplished and I’ll feel good about it, because there is no bigger mission than saving lives. This is one of the reasons I’m publishing this book for free. I’m making a fair amount of money on selling my time to corporations, and I want these lessons to reach as many people as possible and help them preserve their time and health.
I can make money by other means, but the opportunity to help people improve their health and relationships is so rare, and so huge, that I couldn’t let myself agree to commercial publishing. I’ve been sharing my knowledge for the past 5 years all over the Internet, at conferences and meetups; and those few voices generous enough to share with me that I’ve helped them improve their lives are the biggest reward one can get for their work. That’s what I hope this book will do for you – help you achieve your goals at a lower cost to all involved stakeholders in all facets of life. I don’t want to monetize this book. I want you to learn from it, and then for you to monetize the newly acquired knowledge by improving as a professional and getting compensated well for your effort. You don’t owe me anything and I don’t expect anything from you. You’ve already given me more than I’m audacious enough to ask for – your time and attention. Thank you for that, and if you still want to do something for me, then please share your experience and knowledge with others. Help your peers, show them your perspective and help them grow by exposing them to various points of view. Pass your knowledge to others, so they have it easier than you had. To help them avoid the mistakes you’ve made and so that they can save their time and use it to build something bigger or experience other things life has to offer. Standing on the shoulders of giants. That’s what it all is. I guess at this point you can already smell how much I dislike wasting time and reinventing the wheel 🙂

How and why – I believe – my story can make you avoid personal and professional suffering

InfoSec is a stressful job and, if not managed properly, leads to unhealthy situations which surely can end up with a long-lasting burnout. Burnout is one of the most painful experiences in the life of a professional, especially a good one who is self-aware enough to realize how much potential they had and how it just got destroyed. There are many critics saying that the job-related stress in industries such as IT isn’t worth discussing, but I call that a dangerous misconception. You couldn’t get more wrong in thinking that we’re not under high pressure. InfoSec is one of those industries where many things are totally out of our control, and you can’t really sleep well – ever. Many of us got so engaged in the work we do that we started compromising other parts of our lives, introducing unhealthy imbalance. Precisely such imbalance led . So I can relate to all of us who have experienced tough times. That’s one of the reasons I believe in this book so much. It’s not that it contains any secret knowledge, or that I’m such an egocentric writer. Heck, I’m not even a native English speaker, so I realize my shortcomings, yet I am still ready to take the heat, because I believe in its value. I believe that this book can help – at least to some extent – my InfoSec friends who have struggled, struggle or will struggle with the challenges I’ve been struggling with for many years. I hope this book answers some of the questions we ask ourselves and will turn out helpful especially to those of us who have nobody to turn to for practical and non-judgmental advice. Writing the book has certainly helped me in understanding some concepts better and instilling them deeper into my mind, so I have the answers handy whenever I need them. And I need them pretty much on a daily basis, so having this handbook on my computer allows me to stay in sync with reality and remain calm and humble.

The tough experiences have made me who I am today, and with many bad outcomes, I’m getting more and more comfortable with helping others avoid my mistakes. Losing relationships, and not taking care of my health, which resulted in life-long illnesses and daily pain which decreases the quality of my life, have all contributed to the process of reinventing myself. Moments of the truest joyfulness were those where I learnt that something can be done better. That I can do better and I can be better to other people. It’s thanks to those moments, which I’ve used to reinvent myself, that I’ve been able to achieve long-lasting fulfillment.

I know I’m starting to sound meta and all that corny stuff, but I’ve decided to still leave it here, as I’ve met people who will get to feel hope again while relating to my story. I’ve got good news for you though. Only the foreword contains so little substance. Please feel free to use this book whatever way you like. You can read it as a regular book in its entirety or use it as a reference handbook, with an easy-to-navigate index which allows you to jump into specific questions and answers.

Almost nothing worthwhile comes without pain or some sort of suffering, so I’ve come to the point where I accept my mistakes and allow myself to live without blaming myself too much for making them. I advise you to look at things in a similar way, because holding on to the past in which we weren’t as smart and wise brings nothing good. Looking at the future as a blank page allows you to approach things differently and avoid repeating the old mistakes. In the book, I’ll be guiding you through subjects that are very subjective and focus mostly on emotional intelligence and social skills, which can’t be as accurately measured. So you might feel like I’m yet another bozo, but you need to open your mind to fully benefit from it. I promise you that nothing in this book hasn’t been thoroughly tested, and each and every single chapter you find in this book describes lessons learnt from mistakes I’ve made personally in my career. I’m never talking about others, about things I’ve only read or heard about. Everything has been battle-tested by yours truly and I believe most of it can be easily replicated in most working environments. It worked for me with minor contextual adjustments while working for companies from various countries on two continents, with organisations ranging from small services startups from Silicon Valley, through public institutions in Poland, to hundreds-of-millions-of-dollars big corporations.

You need to sacrifice the present for the better future, but it doesn’t mean you need to sacrifice as much as I’ve had to. I’ve learnt a ton and I want to use that knowledge to help you make your professional life easier. I want you to be more effective and productive than I used to be all those years before I started taking the human aspect more seriously.

Understanding these concepts can potentially enable you to see a bigger picture and gain a richer point of view. Please bear in mind that nothing is set in stone and that my experiences may be different from the things you’ve had a chance to experience in your career. So to limit the amount of anxiety and misunderstanding, let’s create a healthy narrative for this journey of ours. I want this book to be an inspiration for you, showing you yet another perspective of someone who has gotten his hands dirty, not a predefined set of rules one must follow. Use it as food for thought, content for consumption and a spark to initiate something bigger and adjusted to the culture of your organization and your personality. Your personality matters. Just because something has worked for me and is indeed a sane way to do things doesn’t mean you’ll want to follow the same path. Things that come to me easily now may come hard to you, and that’s all fine. We are different, so embrace what’s best in you and use that to achieve what you want to.

How to squeeze maximum value out of invested time in reading this book

This book isn’t an ideal picture of the world. It was never intended to be. It was meant to show us ways in which we can be more practical and effective. To show you how we can abandon the fears, imposter syndromes, anxiety and stress – or at least reduce them significantly – by small tweaks in the way we operate on a daily basis. I want this book to be practical, so I recommend that you read this book slowly and don’t rush into the next chapters. Please read a chapter and give yourself some space to reflect on it. Try to recall a situation to which a chapter would apply and outline counterarguments to what I’ve written. Then find the right balance for you and find the best way for you to navigate through life. I’m not right, and you’re not wrong. We’re both doing our best, and sometimes the best solution is in the middle of two perspectives, of two totally different individuals. You do you. After all, we’re expected to bring value to the business and help it make more money, so if you’re still employed, then apparently you must be doing something right! However, regardless of how much we like or dislike our job currently, we can make ourselves like it more. We can make others like us more and we can reduce the anxiety of a whole system. But for that to happen, we must improve our social skills, especially communication skills at scale.

I believe that security professionals can’t achieve their greatness at the workplace if they’re not being actively supported by all stakeholders across the entire organization and if other employees don’t feel ownership for the organization’s safety. Security just must be one of the core values of corporate culture. Each time I have joined an organization where security professionals wanted to do everything themselves, they miserably and painfully failed shortly after. Fighting a broken security culture without any support from the top leads to burnout for InfoSec folks and creates general anxiety, irritation and a toxic atmosphere within an organization. No one wants that to happen, yet so often we end up in exactly such a situation.

Right, but what about Secure SDLC, you may ask? To me Secure SDLC is more technology-centric, while DevSecOps is more human- and culture-centric. I may even write a book on Secure SDLC one day, but we have a lot of great content on that matter already, so it’s not a priority by any means. To me, helping people understand the DevSecOps culture is a much more important task, although they are a very powerful couple, and I believe in the long run, one cannot exist without the other. I would even say that many companies have magnificent SSDLC, but it could be so much better if the operators understood that each business is a human business first and you can boost whatever you’re doing by involving more people and making them care about it. I’ve met many people who understand how to implement SSDLC principles in their organisations, however not many know how to build the DevSecOps culture which can bring their SSDLC or whatever they’re doing to the totally next level. I’ve spent over 5 years working on implementing DevSecOps culture at the organisations I’ve worked at, because I believed that with such limited resources doing things together is the only way to go. We all hit a point at which we can’t scale anymore, which is why we must seek the help of others. And to get such help, it’s good to provide it first. Be the leader people will happily look up to and many doors will open. And by working all together we can do much more and do it much better. SSDLC is a fabulous piece of art, and I wish more companies had adopted it since 2002, when Microsoft officially announced it. I really wish, because we’d be in a completely different shape as the whole industry. But we haven’t, so we must add something to it that will fill the gaps with work that doesn’t cost every single one of us much. Collaboration and empathy is something that’s not that complicated or expensive if we only decide to take one step forward each and every single day.
With the right attitude, the culture is something that can be created in the background, while we use our technical competence to enhance our SSDLC workflows and incrementally improve the resilience of the organisations we work for.

I hope the lessons shared in this book will save you – and everyone around you – a lot of anxiety and trouble. I wish I had access to such a resource when I was starting out, which I believe could’ve helped me prevent the damage that has happened otherwise. It’s never too late to learn and improve, so I’m still extremely grateful for the opportunity to have experienced so many things and that now I can share it for the benefit of others. I hope this book helps you navigate through social interactions with lower stress and more fruitful results, and although this book summarizes the most important lessons learnt over the past decade, I’ll still be happy if it saves you a single day of your life.